HTTP认证
系统使用EMQX的HTTP认证插件,实现自定义认证逻辑。配置文件位于:etc/plugins/emqx_auth_http.conf
## 修改认证请求中的请求地址,其他保持默认
auth.http.auth_req = http://localhost:8080/iot/tool/mqtt/auth
auth.http.auth_req.method = post
auth.http.auth_req.params = clientid=%c,username=%u,password=%P
## 注释超级用户的请求地址、请求方式和参数
# auth.http.super_req = http://127.0.0.1:8991/mqtt/superuser
# auth.http.super_req.method = post
# auth.http.super_req.params = clientid=%c,username=%u
## 注释ACL鉴权的请求地址、请求方法和参数
# auth.http.acl_req = http://127.0.0.1:8991/mqtt/acl
# auth.http.acl_req.method = get
# auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
认证请求地址为后端接口 http://localhost:8080/iot/tool/mqtt/auth
,后端运行在本地使用localhost或本机IP,端口默认8080,如果做了修改或者代理,需要对应修改。超级用户认证和ACL鉴权用不到,但是需要注释掉,不然会占用几秒的认证时间。
#WebHook
系统使用EMQX的WebHook插件,实现设备上下线和IP定位功能。配置文件位于:etc/plugins/emqx_web_hook.conf
## 修改webhook地址
web.hook.api.url = http://localhost:8080/iot/tool/mqtt/webhook
# web.hook.rule.client.connect.1 = {"action": "on_client_connect"}
# web.hook.rule.client.connack.1 = {"action": "on_client_connack"}
web.hook.rule.client.connected.1 = {"action": "on_client_connected"}
web.hook.rule.client.disconnected.1 = {"action": "on_client_disconnected"}
# web.hook.rule.client.subscribe.1 = {"action": "on_client_subscribe"}
# web.hook.rule.client.unsubscribe.1 = {"action": "on_client_unsubscribe"}
# web.hook.rule.session.subscribed.1 = {"action": "on_session_subscribed"}
# web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
# web.hook.rule.session.terminated.1 = {"action": "on_session_terminated"}
# web.hook.rule.message.publish.1 = {"action": "on_message_publish"}
# web.hook.rule.message.delivered.1 = {"action": "on_message_delivered"}
# web.hook.rule.message.acked.1 = {"action": "on_message_acked"}
WebHook地址为后端接口 http://localhost:8080/iot/tool/mqtt/webhook
,后端运行在本地使用localhost或本机IP,端口默认8080,如果做了修改或者代理,需要对应修改。启用 web.hook.rule.client.connected.1
和 web.hook.rule.client.disconnected.1
其他项注释掉,节省后端资源。
#关闭匿名认证
匿名认证不安全,同时会影响认证流程,需要关闭。配置文件位于: etc/emqx.conf
,文件比较大,大概位于第447行。
## Value: true | false
allow_anonymous = false
#启用Http认证和WebHook插件
在 EMQX 启动时就默认启动插件,直接在 data/loaded_plugins
添加需要启动的插件名称 {emqx_auth_http,true}. {emqx_web_hook,true}. {emqx_delayed_publish ,true}.
。安装方式不同配置文件可能在 /var/lib/emqx/loaded_plugins
位置。emqx所有配置修改完后,重启emqx。
{emqx_management,true}.
{emqx_recon,true}.
{emqx_retainer,true}.
{emqx_dashboard,true}.
{emqx_rule_engine,true}.
{emqx_bridge_mqtt,false}.
{emqx_auth_http,true}.
{emqx_web_hook,true}.
{emqx_delayed_publish ,true}.